4 matches found
CVE-2026-13765 LearnPress <= 4.4.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via /lp/v1/users/check-answer and /start-quiz REST Endpoints
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the checkanswer. This makes it possible for unauthenticated attackers to extract the correct-answer markers...
EUVD-2026-45137
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the checkanswer. This makes it possible for unauthenticated attackers to extract the correct-answer markers...
CVE-2026-13765
The CVE-2026-13765 entry concerns the LearnPress WordPress LMS Plugin (versions up to 4.4.1). The connected document indicates a root cause of Inadequate access control in REST endpoints, specifically /lp/v1/users/check-answer and /start-quiz, leading to unauthenticated Sensitive Information Expo...
CVE-2025-12426 Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure
The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the aysquizcheckanswer AJAX action without proper authorization checks. The endpoint only validates a nonce,...